Firefly Iii@* Security Vulnerabilities and Issues — Firefly Iii@* CVE List

Lucene search

Firefly-iiiFirefly Iii*

18 matches found

CVE•added 2024/01/05 3:15 a.m.•199 views

CVE-2024-22075

Firefly III (aka firefly-iii) before 6.1.1 allows webhooks HTML Injection.

6.1CVSS6.2AI score0.00115EPSS

CVE•added 2024/06/17 8:15 p.m.•81 views

CVE-2024-37893

Firefly III is a free and open source personal finance manager. In affected versions an MFA bypass in the Firefly III OAuth flow may allow malicious users to bypass the MFA-check. This allows malicious users to use password spraying to gain access to Firefly III data using passwords stolen from oth...

5.9CVSS5.9AI score0.00021EPSS

CVE•added 2021/07/25 2:15 p.m.•66 views

CVE-2021-3663

firefly-iii is vulnerable to Improper Restriction of Excessive Authentication Attempts

7.5CVSS6.2AI score0.0016EPSS

CVE•added 2021/10/27 9:15 p.m.•59 views

CVE-2021-3901

firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)

8.8CVSS6.1AI score0.00108EPSS

CVE•added 2021/12/04 12:15 p.m.•58 views

CVE-2021-4005

firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)

4.3CVSS4.5AI score0.00161EPSS

CVE•added 2023/01/14 8:15 a.m.•55 views

CVE-2023-0298

Incorrect Authorization in GitHub repository firefly-iii/firefly-iii prior to 5.8.0.

6.5CVSS6.4AI score0.00049EPSS

CVE•added 2023/04/05 4:15 p.m.•55 views

CVE-2023-1788

Insufficient Session Expiration in GitHub repository firefly-iii/firefly-iii prior to 6.

9.8CVSS7.3AI score0.00074EPSS

CVE•added 2021/10/19 1:15 p.m.•54 views

CVE-2021-3851

firefly-iii is vulnerable to URL Redirection to Untrusted Site

5.4CVSS5.1AI score0.00169EPSS

CVE•added 2021/10/27 6:15 p.m.•54 views

CVE-2021-3900

firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)

6.5CVSS5.4AI score0.00143EPSS

CVE•added 2021/09/27 1:15 p.m.•51 views

CVE-2021-3819

firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)

8.8CVSS6.4AI score0.00141EPSS

CVE•added 2021/11/13 9:15 a.m.•51 views

CVE-2021-3921

firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)

5.4CVSS4.7AI score0.00117EPSS

CVE•added 2021/12/01 11:15 a.m.•46 views

CVE-2021-4015

firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)

4.3CVSS4.5AI score0.00117EPSS

CVE•added 2019/07/18 3:15 a.m.•43 views

CVE-2019-13644

Firefly III before 4.7.17.1 is vulnerable to stored XSS due to lack of filtration of user-supplied data in a budget name. The JavaScript code is contained in a transaction, and is executed on the tags/show/$tag_number$ tag summary page. NOTE: It is asserted that an attacker must have the same acces...

5.4CVSS5.3AI score0.00225EPSS

Web

CVE•added 2019/07/18 3:15 a.m.•40 views

CVE-2019-13646

Firefly III before 4.7.17.3 is vulnerable to reflected XSS due to lack of filtration of user-supplied data in a search query. NOTE: It is asserted that an attacker must have the same access rights as the user in order to be able to execute the vulnerability

5.4CVSS5.3AI score0.00206EPSS

CVE•added 2021/10/19 1:15 p.m.•38 views

CVE-2021-3846

firefly-iii is vulnerable to Unrestricted Upload of File with Dangerous Type

8.8CVSS7.2AI score0.00237EPSS

CVE•added 2019/07/18 3:15 a.m.•37 views

CVE-2019-13645

Firefly III before 4.7.17.3 is vulnerable to stored XSS due to lack of filtration of user-supplied data in image file names. The JavaScript code is executed during attachments/edit/$file_id$ attachment editing. NOTE: It is asserted that an attacker must have the same access rights as the user in or...

5.4CVSS5.3AI score0.00206EPSS

Web

CVE•added 2019/07/18 3:15 a.m.•35 views

CVE-2019-13647

Firefly III before 4.7.17.3 is vulnerable to stored XSS due to lack of filtration of user-supplied data in image file content. The JavaScript code is executed during attachments/view/$file_id$ attachment viewing. NOTE: It is asserted that an attacker must have the same access rights as the user in ...

5.4CVSS5.3AI score0.00206EPSS

Web

CVE•added 2023/04/01 2:15 a.m.•33 views

CVE-2023-1789

Improper Input Validation in GitHub repository firefly-iii/firefly-iii prior to 6.0.0.

9.8CVSS7.2AI score0.00038EPSS